It's still vulnerable to XSRF even if it only binds to localhost. And, given that the vulnerable script codetester.php
is at a known location and requires no nonce for submissions, it's incredibly straightforward to attack.

Secunia Security Advisory - Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

Secunia Security Advisory - Two vulnerabilities have been reported in RSA NetWitness Informer, which can be exploited by malicious people to conduct click-jacking and cross-site request forgery attacks.

Secunia Security Advisory - Debian has issued an update for mysql-5.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service) and potentially execute arbitrary code, and by malicious people to potentially compromise a vulnerable system.

Secunia Security Advisory - Matthew Joyce has discovered multiple vulnerabilities in ConcourseConnect, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.

This week I have been trying to do a Metasploit attack on my laptop and then use the webcam on it to take a picture. But I keep getting an error. Before I start to talk about the error, let me show you the important details that you could need to help me out:

Laptop:
Windows 7 Ultimate Service Pack 1 32-bit
IP : 192.168.1.4 or 192.168.1.3 (It would change from one another randomly when rebooted)
Is connected to my network.

Alright, now to what I did:
Click the start button thing and then clicked "Backtrack" then "Exploitation Tools" then "Network Exploitation Tools" then "MetaSploit Framework" then "msfconsole"
Also typing in "msfconsole" in the console works too :)
Below is what showed up in the console (had to type it in manually :P):

And sometimes the "[-]Exploit failed [unreachable]: Rex::HostUnreachable The host (192.168.1.4:455) was unreachable." would be "[-]Exploit failed [unreachable]: Rex::ConnectionTimedOut The connection to (192.168.1.4:445) was timed out."

Hello all, I am just setting up backtrack as my main operating system after years of live USB boots and I want to make it feel a little more comfortable. I've been a crunchbang 9 user for a long time because I like the easy customization and feel of the system.
My questions are: can you help me set up crunchbang 5 r3 to be more like crunchbang 9, such as adding
openbox
wicd-curses
usplash
gdm
conky
the GUI package manager
and the other programs that crunchbang 9 uses to customize the system, such as screen resolution, background image, and other such goodies? I will be making a list of everything I need to get done, but first and foremost I would like to get the main parts listed in the beginning done. I am not asking you to do it for me; I am asking if you could guide me through it. I've tried installing openbox before but there were too many issues. Thank you all.

Polyvaccine is a detection software that enables protection to HTTP or SIP servers from unknown binary attacks, such as polymorphic exploit attacks, and DDoS at the application layer. Linux and FreeBSD platforms are supported.

RSA NetWitness Informer web interface is susceptible to cross-site request forgery and click-jacking vulnerabilities. These vulnerabilities could be potentially exploited by malicious people by tricking an authenticated user to click on specially-crafted links. This may lead to execution of malicious html requests or scripts in the context of the authenticated user.

Normally, if a DBA wants to grant FILE privilege to users, the server
will have something like secure-file-priv=/tmp/mysql (for example)
specified in the configuration file. This way any operation allowed by
the FILE privilege (like SELECT ... OUTFILE) will only be able to access
files under the /tmp/mysql/ path.
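As an added illustration of the setting described above (this fragment is not part of the thread and not from MySQL's own documentation), here are two option-file fragments side by side: one that leaves FILE-privilege operations unrestricted and one that confines them to a single directory. The path /tmp/mysql is the one named in the message; the verification query and the NULL variant (which exists in MySQL 5.7.6 and later) are added here and are not mentioned in the thread.

```ini
# Added example: MySQL server option-file fragments contrasting an
# unrestricted FILE privilege with a confined one. Only one [mysqld]
# section belongs in a real my.cnf; both are shown here for comparison.

# Weak: secure_file_priv unset or empty. A user holding FILE may then read
# or write (LOAD DATA INFILE, SELECT ... INTO OUTFILE) any path the mysqld
# OS user can reach, not just a scratch directory.
[mysqld]
secure-file-priv=

# Hardened: FILE-privilege file operations may only touch /tmp/mysql.
# The directory must exist and be owned by the OS user mysqld runs as;
# the server reads this value at startup, so a restart is required.
[mysqld]
secure-file-priv=/tmp/mysql

# Strictest (MySQL 5.7.6 and later only): disable server-side file
# import/export entirely.
# [mysqld]
# secure-file-priv=NULL

# Check the effective value from a client after restart (constructed query,
# run in the mysql client, not in the option file):
#   SHOW VARIABLES LIKE 'secure_file_priv';
# An empty Value column means the restriction is not in effect.
```

Auditing which accounts actually hold FILE is the other half of the check; an account that only needs to read tables should not appear in `SELECT user, host FROM mysql.user WHERE File_priv = 'Y';`, a query added here for illustration.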

Here’s a rather exciting development for those who work with MSP430 microcontrollers. [M-atthias] worked out a way to implement USB 1.1 on a MSP430G2452. He’s bit banging the communications as this hardware normally doesn’t support the Universal Serial Bus. This is much like using the V-USB stack for AVR micros. The test hardware seen above uses an [...]

Correct, I tell that from experience because I've seen many
configurations where the least privileged user has file privs enabled.
If we leave it that way the attackers will be more happy, it's not
decision to patch it or not, just a hint.

Oh hey, another barebones dev board. Well, that’s what we said to ourselves when we first saw this picture, but the way this is presented is like crack for geeks. It starts with this tiny board, which has a footprint smaller than a credit card. But once you start looking at the add-ons you’ll want [...]

So normally for MySQL issues Oracle would assign the CVE #. However in
this case we have a bit of a time constraint (it's a weekend and this
is blowing up quickly) and the impacts are potentially quite severe.
So I've spoken with some other Red Hat SRT members and we feel it is
best to get CVE #'s assigned for these issues quickly so we can refer
to them properly.

So in the case of this issue it appears to be documented (UDF, do not
run MySQL as administrator, etc.). As I understand CVE assignment
rules this issue does not require a CVE, however just to be on the
safe side I'm CC'ing MySQL, Oracle, MariaDB, OSS-SEC, Steven Christey,
cve-assign and OSVDB to the CC so that everyone is aware of what is
going on.

These guys are all engineers who are employed by Dyson. They’re holding remote control creations made from Dyson parts. This time around the object of the challenge was to build a bot based on the Dyson ball and race it through an obstacle course. This sort of thing is right up our alley, but [...]

MySQL Server exploitable stack based overrun
Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log for suse-linux-gnu too). Unprivileged user (any account (anonymous account?), post auth). As illustrated below, the instruction pointer is overwritten with 0x41414141. Bug found by Kingcope. This will yield a shell as the user 'mysql' when properly exploited.

# As seen below $edx and $edi are fully controlled,
# the current instruction is
# => 0x83a6b24 <free_root+180>: mov (%edx),%edi
# this means we landed in a place where 4 bytes can be controlled by 4 bytes
# with this function pointers and GOT entries can be rewritten to
# execute arbitrary code

Out of curiosity, is this exploitable when using hardened toolchain
settings? Specifically, -z,noexecheap, -z,now, and...

[Christian] is growing a tomato plant on his desk and wanted to capture some time-lapse images of its progress. To that end he built a rig that monitors moisture levels and snaps images at regular intervals. The hardware he’s using is part of the Gadgeteer family. These run a .NET micro framework and are modular [...]

I found a method to crack MySQL user passwords locally or over the
network pretty efficiently.
During tests it was possible to test 5000 passwords per second over the network.
The method is as follows:

[Jason] and his father took advantage of a week off of work over Thanksgiving to design and build a Christmas light decoration that can flash fancy patterns. He calls it the Uno Christmas Tree. It’s sixteen strands of lights draped between a pole and the ground to form the shape of a tree. The main [...]

How do I back up "apt-get dist-upgrade" downloads?
I wasted 600 MB+ on downloading updates; how can I back them up and reinstall them (offline) on a new BT installation?

My 3G dev disconnected 2 times during a critical download of Flash Player and upon reboot BT got broken into little bits all over my floor.... :mad:
This is after 1 hour of downloading 300 MB, and this happened twice.
I hate my ISP :mad:

This iPhone 4s is charging without a dock connector because [Tanv28] added inductive charging hardware inside the case. The hack is not for the faint of heart. But if you’ve got a precision soldering iron and a steady hand we bet you can pull it off. It starts with disassembly to get at the cable [...]

When you don’t want to use I2C or SPI, and MIDI and DMX are old hat, [Scott] comes along and invents a very strange networking protocol that is just daisy chaining a few Arduinos together with serial connections. Strange as it may seem, this networking protocol actually makes a whole lot of sense. [Scott] is [...]

Before it became the darling of circuit benders the world over, the Speak & Spell was a marvel of modern technology. Complete with a microprocessor and voice synthesizer, the Speak & Spell was able to speak a limited vocabulary that [Furrtek] thought should include words such as, “al qaeda”, “necrosis”, and “butt”. The Speak & [...]

There’s a reason we’ve seen a menagerie of quadcopters over the past few years – the key piece of any quadcopter build is an inertial measurement unit. Historically a very complicated and expensive piece of kit, these IMUs came down in price a few years back, allowing anyone with a few dollars in their pocket and [...]

I'm trying to get my RT2860 wireless adapter to do packet injection. I installed the compat-wireless drivers as described here http://www.backtrack-linux.org/forum...ad.php?t=37549, that seemed to work well, my new driver is called RT2800PCI as described there and I can connect to the internet.

I make sure the adapter is UP and in monitor mode, then run a probe request using aireplay-ng -9 ra0 (which is my adapter as listed in iwconfig). It comes back with "Trying broadcast probe requests...No answer..Found 3 APs" (or whatever number, depending on channel).

When it tries directed probe requests, I get 0/30: 0%.

I'm on BT5 RT3 HDD Gnome 32-bit
on a MSI Wind u100 (yeah, old)

If you want to see any output from commands, let me know! Thanks in advance for any replies.

Update #1: I think the problem is that I've failed to uninstall the old driver? I've added it to the blacklist, but it seems to be running anyway.
When I run modprobe -r rt2860sta it comes back with "Fatal: Module rt2960sta is in use". The driver should now be rt2800pci after installing compat-wireless, right?

Update #2: I realised from the lsmod that the old driver was in use, so I disabled the wireless card and successfully removed the driver. On reboot, the rt2800pci-driver seems to load fine, it lists ra0 (my interface) in ifconfig and iwconfig. However, it now finds no APs, even on channel 6 (where I know my AP is located), and I got some error about bus (disappeared quickly) when trying to connect to Wicd - that also states that no networks are found.

Update #3: Oops, seems the original driver wasn't as gone as I thought. It came back after a boot! I must have done something wrong when installing compat-wireless...

Hi,
My opinion is that the FILE to admin privilege elevation should be patched.
What is the reason to have FILE and ADMIN privileges separated when
with this exploit
FILE privileges equate to ALL ADMIN privileges?
I understand that it's insecure to have FILE privileges attached to a user.
But if this is a configuration issue and not a vulnerability, then as
stated above there must be something wrong with the privilege
management in this SQL...

The second problem is, when I try to install the ia32 bits libc I also get this error:
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168f-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168f-1.fw for module r8169
>.<

I have a Western Digital MyBook Essential external HDD 2TB which is password locked. With my old OS it showed me that it is unlocked, but since I changed the OS it's showing that it is locked. I've already tried all the possible combinations of passwords that I could remember but no luck. I want to access the HDD somehow but I don't know how I could bypass the lock in Linux.

fdisk -l doesn't show the HDD.
lsusb is showing me that it's connected

In /media/sr1 the WD Unlocker appears mounted, but the HDD itself is not showing. If I can't access the HDD by bypassing the lock, is it even possible to retrieve the data from it if I format the locked HDD? Because as I've read, the hardware-locked devices have a formatting technique after which the data cannot be retrieved (is this true?).